NTRU公钥密码的量子算法攻击研究
首发时间:2021-03-30
摘要:NTRU作为近期NIST征集的后量子密码算法之一,分析其量子安全性具有重要意义。2015年,Scott基于Grover搜索算法给出对NTRU公钥密码的量子攻击。在乘积多项式模式下,该攻击对小系数多项式私钥的搜索具有平方加速效果(IACR Cryptology ePrint Archive, 2015:676, 2015)。然而,该攻击不仅需要一个强量子Oracle假设,且需要在Grover叠加查询过程中多次维护一个指数大的列表。针对此问题,本文发现Claw-Finding量子算法对NTRU密码具有同样的攻击效果,并且可以有效避免上述问题。然而,原Claw-Finding算法中针对的函数输出值为单比特,不适用于分析NTRU。因此本文对原Claw-Finding算法进行了修改,即当访问的两个函数输出为比特串时,算法依然可以找到Claw。最后本文给出针对NTRU密码在私钥搜索方面具有平方加速的量子攻击算法,避免了强量子Oracle的假设,且不需要维护指数大小的列表,并给出所提量子攻击与Scott攻击方法的比较。
关键词: NTRU Claw-Finding算法 Grover算法
For information in English, please click here
Research on Quantum Algorithm Attack of NTRU Public Key Cryptography
Abstract:NTRU is one of candidates of post-quantum cryptography which is supported by NIST recently. It is important to analyze the security of NTRU in the quantum circumstance. In 2015, Scott proposed a quantum attack on NTRU cryptosystem based on Grover search algorithm. In the product polynomial method, the attack can reach quadratic speedup on the search of small coefficient polynomial private key (IACR Cryptology ePrint Archive, 2015:676, 2015). However, there exist a strong assumption of quantum oracle in this attack.,but also needs to maintain a large exponential list many times during Grover overlay query. To solve this problem, we find that the claw finding quantum algorithm has the same attack effect on NTRU cryptosystem, and can effectively avoid the above problems. However, the original Claw-Finding algorithm aims at the functions whose output is one bit. Hence, the original Claw-Finding algorithm cannot be used to analyze NTRU directly. Therefore, we need to modify the Claw-Finding algorithm here. The modified Claw-Finding algorithm can still find the claw even the output of function is bit-serial. Finally, this paper presents a quantum attack algorithm with quadratic speedup for NTRU cryptosystem in private key search, avoids the assumption of strong quantum Oracle, and does not need to maintain the list of exponential size. Then, we give the comparison of the proposed quantum attack and the attack presented by Scott.
Keywords: NTRU Claw-Finding Algorithm Grover Algorithm
引用
No.****
同行评议
勘误表
NTRU公钥密码的量子算法攻击研究
评论
全部评论0/1000